package cn.sc.summer.auth.config;

import cn.sc.summer.auth.filter.AppLoginFilter;
import cn.sc.summer.auth.filter.LoginFilter;
import cn.sc.summer.auth.filter.SmsCodeLoginFilter;
import cn.sc.summer.auth.handler.LogoutHandlerX;
import cn.sc.summer.auth.handler.LogoutSuccessHandlerX;
import cn.sc.summer.token.constant.LoginAPIConstant;
import cn.sc.summer.token.handler.server.AccessDeniedHandlerX;
import cn.sc.summer.token.handler.server.AuthenticationEntryPointX;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

@Slf4j
@Configuration
@EnableWebSecurity
public class SecurityWebConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private LoginFilter loginFilter;

    @Resource
    private SmsCodeLoginFilter smsCodeLoginFilter;

    @Resource
    private AppLoginFilter appLoginFilter;

    @Resource
    private AuthorizationManagerX authorizationManagerX;

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        log.info("==> Start initialization the Spring Security config...");

        //端点检测放行
        httpSecurity.authorizeHttpRequests()
                .requestMatchers(EndpointRequest.toAnyEndpoint())
                .permitAll()
                .anyRequest()
                .access(authorizationManagerX);

        //关闭csrf防护
        httpSecurity.csrf()
                .disable();

        // 禁用httpBasic
        httpSecurity.httpBasic()
                .disable();

        //异常处理
        httpSecurity.exceptionHandling()
                .authenticationEntryPoint(new AuthenticationEntryPointX())
                .accessDeniedHandler(new AccessDeniedHandlerX());

        // 退出处理
        httpSecurity.logout()
                .logoutUrl(LoginAPIConstant.LOGOUT)
                .addLogoutHandler(new LogoutHandlerX())
                .logoutSuccessHandler(new LogoutSuccessHandlerX());

        //表示替换掉原来的UsernamePasswordAuthenticationFilter的位置
        httpSecurity.addFilterAt(loginFilter, UsernamePasswordAuthenticationFilter.class);
        httpSecurity.addFilterAt(smsCodeLoginFilter, UsernamePasswordAuthenticationFilter.class);
        httpSecurity.addFilterAt(appLoginFilter, UsernamePasswordAuthenticationFilter.class);

    }

}
